Skip to content

Isn't it a security risk to disable SSL peer validations? #95

New issue
New issue
Open
Open
Isn't it a security risk to disable SSL peer validations?#95
@timint

Description

@timint
timint
opened on Jul 28, 2021

Isn't it a security risk to disable SSL peer verifying? As we are making money transactions I think this one is critical.
This allows for man in the middle attacks.

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

https://github.com/sveawebpay/php-integration/blob/master/src/HostedService/HostedRequest.php#L61

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions